Method and apparatus for providing protection against spam

ABSTRACT

A method and apparatus for providing protection against spam calls are disclosed. For example, the method receives a signaling message for setting up a call to a customer, and determines whether the call is from a caller that has been identified as being a spammer. The method processes the call using one or more filter rules for the customer, if the caller has been identified as being a spammer.

This application is a continuation of U.S. patent application Ser. No.12/340,487, filed Dec. 19, 2008, which is currently allowed and isherein incorporated by reference in its entirety.

The present invention relates generally to protection of networks and,in particular, to a method and apparatus for providing protectionagainst spam in networks, e.g., Internet Protocol (IP) networks, Voiceover Internet Protocol (VoIP) networks, Service over Internet Protocol(SoIP) networks, etc.

BACKGROUND OF THE INVENTION

Much of today's important business and consumer applications rely oncommunications infrastructures such as the Internet. Businesses andconsumers need to provide protection to their network from hostileactivities while being able to communicate with others via theinfrastructure. For example, businesses and consumers need to be able tosend and receive voice and data packets. However, businesses andconsumers also need to minimize the amount of unsolicited andundesirable content delivered to endpoint devices such as computers. Theunsolicited and undesirable content is referred to as spam. For example,an undesirable and unsolicited email may be referred to as spam email.In another example, an undesirable and unsolicited voice call may bereferred to as a spam voice call.

The protection of endpoint devices is typically accomplished by using agateway or a dedicated application server to scan incoming packets andperform filtering prior to forwarding to the endpoint devices. Forexample, the gateway server or an email server may scan incoming emails,and redirect or remove spam emails (unsolicited and undesirable emails).Thus, the endpoint devices will not receive the spam emails.

However, some applications do not tolerate the delay associated withonline scanning. For example, voice calls are typically processed inreal time. For example, if a voice call is destined to a customer, thenthe call is forwarded towards the customer's endpoint device prior toscanning. Therefore, by the time any scanning of the content of a phonecall is performed, the call has already reached the customer.

SUMMARY OF THE INVENTION

In one embodiment, the present invention discloses a method andapparatus for providing protection against spam calls. For example, themethod receives a signaling message for setting up a call to a customer,and determines whether the call is from a caller that has beenidentified as being a spammer. The method processes the call using oneor more filter rules for the customer, if the caller has been identifiedas being a spammer.

BRIEF DESCRIPTION OF THE DRAWINGS

The teaching of the present invention can be readily understood byconsidering the following detailed description in conjunction with theaccompanying drawings, in which:

FIG. 1 illustrates an exemplary network related to the presentinvention;

FIG. 2 illustrates an exemplary network for providing protection againstspam;

FIG. 3 illustrates a flowchart of a method for providing protectionagainst spam; and

FIG. 4 illustrates a high level block diagram of a general purposecomputer suitable for use in performing the functions described herein.

To facilitate understanding, identical reference numerals have beenused, where possible, to designate identical elements that are common tothe figures.

DETAILED DESCRIPTION

The present invention broadly discloses a method and apparatus forproviding protection against spam. Although the present invention isdiscussed below in the context of IP networks, the present invention isnot so limited. Namely, the present invention can be used for othernetworks such as cellular networks, wireless networks and the like.

Furthermore, although the present invention is described below in thecontext of spam voice calls, the present invention is not so limited.For example, the present invention can also be implemented to addressunwanted content for delay sensitive applications, or applications inwhich multiple levels of delay sensitivity may exist, such as multipleservices provided over a Service over Internet Protocol (SoIP) network.

FIG. 1 is a block diagram depicting an exemplary configuration of acommunication system 100 constructed in accordance with one or moreaspects of the invention. In one embodiment, a plurality of endpointdevices 102-104 is configured for communication with the core packetnetwork 110 via an access network 101. Similarly, a plurality ofendpoint devices 105-107 are configured for communication with the corepacket network 110 (e.g., an IP based core backbone network supported bya service provider) via an access network 108. The network elements 109and 111 may serve as gateway servers or edge routers for the network110.

The endpoint devices 102-107 may comprise customer endpoint devices suchas personal computers, laptop computers, personal digital assistants(PDAs), servers, and the like. The access networks 101 and 108 serve asa conduit to establish a connection between the endpoint devices 102-107and the network elements 109 and 111 of the core network 110. The accessnetworks 101, 108 may each comprise a digital subscriber line (DSL)network, a broadband cable access network, a local area network (LAN), awireless access network (WAN), the Internet, and the like. Some networkelements (e.g., NEs 109 and 111) reside at the edge of the coreinfrastructure and interface with customer endpoints for signaling androuting purposes over various types of access networks. An NE istypically implemented as an edge router, a media gateway, a borderelement, a firewall, and the like. An NE may also include a componentthat resides within the network (e.g., NEs 118-120) such as a mailserver, a honeypot, a tarpit, or like devices. The core network 110 mayalso comprise an application server 112 that contains a database 115.The application server 112 may comprise any server or computer that iswell known in the art, and the database 115 may be any type ofelectronic collection of data that is well known in the art. (See alsoFIG. 4). Those skilled in the art will realize that although only sixendpoint devices, two access networks, and five network elements (NEs)are depicted in FIG. 1, the communication system 100 may be expanded byincluding additional endpoint devices, access networks, and networkelements without altering the present invention.

The above IP network is described to provide an illustrative environmentin which voice, data and video packets can be transmitted oncommunication networks. For example, businesses need to be able tocommunicate with customers, suppliers, and etc. via electronic mail,voice call, and the like. However, businesses want to minimize theamount of unsolicited and undesirable content (also known as spam)delivered to their endpoint devices such as computers, laptops, personaldigital assistants (PDAs), mobile phones and the like. The protection ofendpoint devices may be accomplished by using a gateway server and/or adedicated application server to scan all incoming packets and performfiltering of spam prior to forwarding to the endpoint devices.

For example, an email server may scan incoming emails and redirect orremove the spam emails. Scanning incoming emails prior to forwarding tothe destination endpoint device introduces a delay. Thus, a customer mayweigh the benefit of scanning and filtering incoming emails against thecost of delaying the emails. Unfortunately, some applications may nottolerate the delay associated with the online scanning of content. Forexample, voice calls are typically processed in real time. For example,if a service provider, e.g., a VoIP service provider, receives a voicecall destined to a customer, the service provider will forward the calltowards the customer's endpoint device in real time before any contentbased scanning and filtering can be performed. In other words, acustomer expects calls to be forwarded by the service providerimmediately without delay. As a result, customers may receive spam voicecalls.

In one embodiment, the current invention provides a method and anapparatus for providing protection against spam voice calls. Forexample, the current method provides a centralized application server inthe service provider's network that identifies and maintains a list ofspammers. The application server may gather spam reports/feedback fromthe one or more edge access routers (further described below). Theapplication server may then identify VoIP call spammers by processingthe gathered spam reports and performing correlations. For example, if apre-determined number of customers (e.g., 100 customers, 1000 customersand so on) report a call from a specific calling party (e.g., anInternet Protocol (IP) address or a phone number) as being a spam call,the application server may then gather inputs from the customers and beable to identify the caller in the future as being a spammer. In turn,the spammer's phone number and/or IP address may then be added to a listof known spammers maintained by the application server.

In one embodiment, the current method also provides one or moresignaling gateway routers at the edge of the service provider's network.The signaling gateway routers are used for receiving signaling messagesfrom the customer endpoint devices and/or for forwarding signalingmessages from Call Control Elements (CCEs) to the customer endpointdevices. For example, if a call is initiated by the customer, the SIPgateway server may receive the signaling message from the customer. TheSIP gateway may then forward the signaling message towards the CCE. TheCCE may then determine the routing information for the destinationaddress and forward the signaling message accordingly.

In one embodiment, the current method also provides edge access routersfor providing media path between calling and called parties. That is, ifthe call is successful, a media path is established between the callingand called parties traversing the edge access routers. For example, thesignaling messages for establishing a call between a calling and acalled party may traverse the SIP gateway routers while the media pathtraverses the edge access routers. In one embodiment, the edge accessrouter is in communication with the signaling gateway router thathandles the call. For example, the edge access router for the calledparty is in communication with the SIP gateway router handling thesignaling message for the called party. Once the media path isestablished, the calling and called parties may then send and receivevoice packets.

In one embodiment, the method allows a customer via an endpoint deviceto provide feedback to the centralized application server (describedabove). The customer endpoint device communicates with the serviceprovider's network through a signaling gateway router and an edge accessrouter located at the edge of the service provider's network. Forexample, signaling messages from the customer endpoint device may reachthe signaling gateway router in the service provider's network via theInternet. Similarly, media packets from the customer endpoint device mayreach the edge access router in the service provider's network via theInternet.

In one embodiment, the current method provides a spam call filter in oneor more signaling gateway routers, such as SIP gateway routers. Thesignaling gateway router that handles the signaling messages to/from acustomer's endpoint device may perform spam call filtering for thecustomer. In one embodiment, the customer may provide the signalinggateway router with one or more filter rules to be applied to theincoming calls. For example, the customer may provide a filter rule thatrequests that a spam rating and/or category (e.g., telemarketer,charitable organization, etc.) associated with an incoming call, ifavailable, be displayed on a customer's endpoint device. In other words,if an incoming call has been identified by the signaling gateway routeras being a potential spam call, then the signaling gateway router willforward the call to the customer endpoint device along with theinformation that can be displayed on the customer endpoint deviceshowing a spam rating, e.g., 1-10, where 10 represents a very highprobability that the call is a spam call.

In another example, the filter rule may specify that calls originatingfrom an IP address that is being used by one or more spammers beblocked. For example, over a period of time, a service provider maydeduce (e.g., from inputs received from a plurality of users, or inputsfrom other service providers) that an originating IP address isassociated with a spammer. As such, when an incoming call from thespammer identified by its IP address is directed to the customer, afilter rule specified by the customer may cause the incoming call to beblocked.

Thus, in one embodiment, the filtering of spam call (e.g., performed bythe signaling gateway router) may then be based on the one or morefilter rules received from the customer. For example, when a signalinggateway router or a SIP gateway router receives a call destined towardsa customer, the signaling gateway router or may perform filteringactions in accordance with the customer's filter rules.

In one embodiment, the signaling gateway router queries the centralizedapplication server to determine if a call is from a spammer. If the callis not identified as being from a spammer, the call may then beforwarded towards the customer endpoint device. If the call is from aspammer, the signaling gateway router may provide the customer withadditional information pertaining to the call, e.g., a spam ratingand/or a category of the call. For example, the signaling message forsetting up the call may include the spam rating and/or the category. Thecustomer may then view the rating and/or the category of the call on thedisplay of the endpoint device and will be able to make an informeddecision whether to answer the call.

In one alternate embodiment, the signaling gateway router is able todetermine if a call destined towards a customer is from a spammer byanalyzing information contained within the signaling message. In otherwords, the signaling gateway router does not directly query thecentralized application server as discussed above. Instead, the CCE mayfirst query the centralized application server prior to forwarding thesignaling message towards the gateway router. The response to the querymay then be used by the CCE to determine whether or not the call is froma spammer and the signaling message sent to the signaling gateway routeris adjusted accordingly.

In one embodiment, the response to the query by the centralizedapplication server may comprise more refined spammer information, e.g.,a rating of a spammer, a category of a spammer (e.g., a telemarketer fora type of good or service, a political organization, or a charitableorganization), and so on. If the call is from a spammer, the CCE maythen forward the signaling message and/or spammer information towardsthe signaling gateway router. For example, the signaling message fromthe CCE to the SIP gateway router may indicate that the call is from aspammer and the spammer is known to be a telemarketer for a credit cardcompany. The SIP gateway router may then handle the call in accordancewith the customer's filter rules.

For example, a filter rule from the customer may specify blocking allspam calls. In another example, the filter rule may specify blockingspam calls of a specific category, e.g., from telemarketers, but notfrom charitable organizations. In another example, the filter rule mayspecify a time of day or a day of week for handling such spam calls. Forexample, the filter rule may block all spam calls from 7:00pm to 7:00am,or the filter rule may block all spam calls for Saturday and Sunday, andso on.

Once a call destined towards a customer is established, the customer maysubsequently determine from the conversation that the call is a spamcall, i.e., from a spammer. The customer may then provide a feedback tothe service provider indicating that the call is a spam call. Forexample, the customer may enter a code via a telephone keypad (real orvirtual) to activate reporting of a spam call. In another example, theendpoint device may have a dedicated spam reporting button (key) and/ora software component that enables the customer to input information thatidentifies a phone call as a spam call. The signaling for the feedbackis transmitted towards the signaling gateway router handling the call.

In one embodiment, the current method also provides a call recordingsystem in one or more edge access routers. For example, if a calledparty identifies a call as a spam call, the SIP gateway router for thecalled party may redirect the call to the edge access router for thecalled party. The edge access router may then capture a predeterminedamount of the signaling and data packets for analysis. For example, theedge access router may record the SIP packets (if SIP signaling is used)and the voice packets in the call recording system. In one embodiment,the recorded information by the call recording system may comprise oneor more of: the source of the call, e.g., an IP address, the route usedby the call, a rating of the content of the call (broadly a spamrating), a category of the spam content (e.g., the type of organizationor the intention of call) and a predetermined amount of voice packets(e.g., to deduce the length of the spam call, if the spam call is apre-recorded message).

In one embodiment, the edge access router may then provide a spam reportto the centralized application server that maintains the list ofspammers. The application server may gather the spam reports and performcorrelations to identify and maintain the list of spammers. As describedabove, the signaling gateway router may then use the list of spammers inconjunction with the filter rules received from the customer, to filterany spam calls.

In one embodiment, the above application server that identifies spammersand maintains the list of spammers may identify a foreign gateway fromwhich multiple VoIP spam calls have been reported as being a gatewayused by one or more spammers and add it to the list of spammers. Forexample, the application server may identify the foreign gateway as aspammer in the same way it identifies an individual IP address or phonenumber.

In one embodiment, the above customer endpoint device may comprise adisplay for showing a spam rating and/or a spam category of an incomingcall. For example, the phone may have a display that shows that thecaller is identified as a telemarketer.

In one embodiment, the display for showing a spam rating and/or categorymay be configurable by the customer. For example, the customer may wishto block calls only from a specific category of spammer. For example,the customer may wish to block calls from telemarketers while receivingcalls from charitable organizations, political campaigns, etc. Inanother example, the customer may wish to block spam calls thatoriginate outside of a specific area, e.g., all spam calls originatingfrom a foreign country.

In one embodiment, the rules for displaying, filtering and reporting ofa spam call are configurable by the customer. For example, a customermay wish to block all potential spam calls. Alternatively, a customermay wish to reduce the chance of non-spam calls from being blocked, byallowing calls from source addresses that may originate both spam andnon-spam calls to be accepted. For example, a foreign gateway may beused for spam or non-spam calls. Therefore, a customer with a filterrule that blocks all calls from a specific foreign gateway, may causenon-spam calls routed through the same foreign gateway to be blockedunnecessarily.

FIG. 2 illustrates an exemplary network 200 for providing protectionagainst spam. In one embodiment, the network 200 comprises a customerendpoint device 102 accessing services from the IP/MPLS core network 110through the Internet 101. The IP/MPLS core network 110 also comprisessignaling gateway routers 209 and 211, edge access routers 219 and 229,a call control element 214, an application server 215 for identifyingspammers and maintaining a list of spammers, and a database 216 forstoring the list of spammers. In one embodiment, the application server215 collects spam reports from the edge access routers 219 and 229periodically. For example, the edge access router may periodicallyupload a list of spam calls, details of the spam call (e.g., category ofspam call), etc. into the application server 215 and/or the database216.

In one embodiment, signaling messages to/from the customer endpointdevice 102 reach the IP/MPLS core network 110 via the internet 101 andthe signaling gateway router 209. Media packets to/from the customerendpoint device 102 reach the IP/MPLS core network 110 via the Internet101 and the edge access router 219. Similarly, the signaling gatewayrouter 211 and the edge access router 229 are used for connecting to thecustomer endpoint device 105 via another access network 108.

In one embodiment, the edge access router 219 comprises a call recordingsystem 220 and the signaling gateway router 209 comprises a database 230for storing filter rules. The database 230 for filter rules may be usedfor providing customized spam filtering of incoming calls destined tothe customer endpoint device 102. In one embodiment, the call recordingsystem 220 is used to record SIP signaling and/or voice packets forcalls that a customer has identified as being from a spammer.

In one example, if the IP/MPLS core network 110 receives a call towardsthe customer endpoint device 102, the call control element (CCE) 214 mayreceive the signaling message to setup the call. For example, if a callis originated by the customer endpoint device 105 towards the customerendpoint device 102, the call control element 214 may receive a SIPsignaling message for setting up the call (if SIP is used). The callcontrol element 214 determines the routing logic for the destinationaddress and forwards the signaling message towards the signaling gatewayrouter 209.

In one embodiment, when the signaling gateway router 209 receives thesignaling message for the call destined to the customer endpoint device102, the signaling gateway router 209 is able to determine if the callis from a caller identified as a spammer by the application server 215.In one embodiment, the CCE 214 may have already included the spammingrelated information (e.g., spammer rating and/or category) in thesignaling message. In another embodiment, the signaling gateway routermay actively query the application server 215 directly to obtain thespamming related information.

If the call is identified as being from a spammer, the signaling gatewayrouter 209 retrieves the pertinent filter rules from database 230 andapplies the customer's filter rules. The call may then be processed inaccordance with the customer filter rules. In one example, the call maybe forwarded to the customer along with spamming related information. Inanother example, the call may be blocked. If the call is not identifiedas being from a spammer, the signaling gateway router 209 simplyforwards the call towards the customer endpoint device 102.

The customer may then receive the call and/or spammer relatedinformation (if applicable). If the customer determines that thereceived call is in fact a spam call, the customer may provide afeedback to the signaling gateway router. For example, the customer maypress a spam reporting button or enter a special code (e.g., dialing*987 and so on) to report the spam call. The signaling gateway routermay receive the feedback from the customer and engage the edge accessrouter 219 to record the signaling message and/or voice content of thespam call in the call recording system 220. In turn, the edge accessrouter 220 may then analyze the recorded signaling message and voicecontent, and issue a spam report to application server 215. For example,the spam report may include the caller's IP address, category of spammer(if provided by the customer), etc. The application server 215 maygather information from one or more edge access routers to identifyspammers and update the database 216 accordingly.

FIG. 3 illustrates a flowchart 300 of the method for providingprotection against spam. For example, one or more steps of method 300can be implemented in a signaling gateway router. Method 300 starts instep 305 and proceeds to step 310.

In step 310, method 300 receives a signaling message for setting up acall to a customer. For example, the signaling gateway router servicinga customer receives a signaling message from the CCE for setting up acall to the customer.

In step 315, method 300 determines if the call is from a calleridentified as a spammer. In one embodiment, the signaling gateway routermay analyze the signaling message from the CCE to determine if the callis from a caller identified as a spammer. In another embodiment, thesignaling gateway router may directly query an application server thatidentifies and maintains a list of spammers for the spammer information.If the call is from a spammer, the method proceeds to step 320.Otherwise, the method proceeds to step 380.

In step 320, method 300 determines one or more filter rules for handlingcalls for the customer. For example, the method may retrieve acustomized list of filter rules for handling calls destined towards thecustomer.

In step 325, method 300 processes the call using the one or more filterrules for handling calls for the customer. For example, the method mayblock the call, forward the call to the customer, forward the call tothe customer with spammer information (e.g., rating and/or category),forward to a recording system, etc.

In step 330, method 300 determines if the processing of the callcomprised forwarding the call to the customer. For example, theprocessing may be forwarding the call with spammer information to bedisplayed on the customer's endpoint device. If the processing of thecall comprised forwarding the call, the method proceeds to step 335.Otherwise, the method ends in step 390 or returns to step 310 tocontinue receiving signaling messages.

In step 335, method 300 determines if a feedback is received from thecustomer. For example, the customer may provide a feedback thatindicates that the call is from a spammer. If a feedback is receivedfrom the customer, the method proceeds to step 340. Otherwise, themethod ends in step 390 or returns to step 310 to continue receivingsignaling messages.

In step 340, method 300 processes the feedback. For example, thesignaling gateway router may initiate the processing of the feedback andthe recording of the signaling message and/or content (e.g., voicecontent) in a call recording system provided in an edge access routerused by the media path.

For example, the voice and signaling packets from the calling party maybe recorded for a more detailed analysis. Alternatively, the customermay be given a plurality of options to define the category of thespammer. For example, once the customer has indicated that a currentcall is a spam call, the signaling gateway router may present thecustomer with a plurality of choices to define the spam call (e.g.,“please press 1 if the call was a telemarketer, please press 2 if thecall was a charitable organization, please press 3 if the call was apolitical organization, and so on). The selection made by the customercan be broadly deemed to be input provided by the customer. It should benoted that other methods of receiving customer inputs can beimplemented, e.g., receiving a verbal comment from the customer via avoice recognition module, and so on. The edge access router may thenforward the recorded content and/or spam report to the applicationserver maintaining the list of spammers. The method ends in step 390 orreturns to step 310 to continue receiving signaling messages.

In step 380, method 300 processes the call in accordance with normalprocedure. For example, the call may be forwarded towards the customer.The method ends in step 390 or returns to step 310 to continue receivingsignaling messages.

It should be noted that although not specifically specified, one or moresteps of method 300 may include a storing, displaying and/or outputtingstep as required for a particular application. In other words, any data,records, fields, and/or intermediate results discussed in the method 300can be stored, displayed and/or outputted to another device as requiredfor a particular application. Furthermore, steps or blocks in FIG. 3that recite a determining operation, or involve a decision, do notnecessarily require that both branches of the determining operation bepracticed. In other words, one of the branches of the determiningoperation can be deemed as an optional step.

FIG. 4 depicts a high-level block diagram of a general-purpose computersuitable for use in performing the functions described herein. Asdepicted in FIG. 4, the system 400 comprises a processor element 402(e.g., a CPU), a memory 404, e.g., random access memory (RAM) and/orread only memory (ROM), a module 405 for providing protection againstspam, and various input/output devices 406 (e.g., storage devices,including but not limited to, a tape drive, a floppy drive, a hard diskdrive or a compact disk drive, a receiver, a transmitter, a speaker, adisplay, a speech synthesizer, an output port, and a user input device(such as a keyboard, a keypad, a mouse, and the like)).

It should be noted that the present invention can be implemented insoftware and/or in a combination of software and hardware, e.g., usingapplication specific integrated circuits (ASIC), a general purposecomputer or any other hardware equivalents. In one embodiment, thepresent module or process 405 for providing protection against spam canbe loaded into memory 404 and executed by processor 402 to implement thefunctions as discussed above. As such, the present method 405 forproviding protection against spam (including associated data structures)of the present invention can be stored on a computer readable medium orcarrier, e.g., RAM memory, magnetic or optical drive or diskette and thelike.

While various embodiments have been described above, it should beunderstood that they have been presented by way of example only, and notlimitation. Thus, the breadth and scope of a preferred embodiment shouldnot be limited by any of the above-described exemplary embodiments, butshould be defined only in accordance with the following claims and theirequivalents.

What is claimed is:
 1. A method for processing a call, comprising: receiving, by a processor, a signaling message for setting up the call to an endpoint device of a customer; determining, by the processor, the call is from a caller that has been identified as being a spammer; and processing, by the processor, the call using a filter rule for the customer, when the caller has been identified as being a spammer, wherein the filter rule has been configured by the customer, wherein the filter rule specifies a call handling based upon a category of the spammer.
 2. The method of claim 1, wherein the determining is performed by analyzing information contained within the signaling message.
 3. The method of claim 1, wherein the determining is performed by sending a query to an application server that maintains a list of spammers.
 4. The method of claim 1, further comprising: processing a feedback received from the customer, when the feedback is received from the customer.
 5. The method of claim 1, wherein the spammer is identified by a foreign gateway.
 6. The method of claim 1, wherein the signaling message for setting up the call is received by the processor of a signaling gateway router.
 7. The method of claim 1, wherein the signaling message comprises a session initiation protocol signaling message.
 8. The method of claim 3, wherein a response to the query comprises spammer information, wherein the spammer information comprises the category of the spammer.
 9. The method of claim 4, wherein the processing the feedback comprises recording a plurality of voice packets from the call.
 10. The method of claim 4, wherein the processing the feedback comprises recording a plurality of data packets from the call.
 11. The method of claim 4, wherein the processing the feedback comprises recording an input provided by the customer.
 12. A non-transitory computer-readable medium storing instructions which, when executed by a processor, cause the processor to perform operations for processing a call, the operations comprising: receiving a signaling message for setting up the call to an endpoint device of a customer; determining the call is from a caller that has been identified as being a spammer; and processing the call using a filter rule for the customer, when the caller has been identified as being a spammer, wherein the filter rule has been configured by the customer, wherein the filter rule specifies a call handling based upon a category of the spammer.
 13. The non-transitory computer-readable medium of claim 12, wherein the determining is performed by analyzing information contained within the signaling message.
 14. The non-transitory computer-readable medium of claim 12, wherein the determining is performed by sending a query to an application server that maintains a list of spammers.
 15. The non-transitory computer-readable medium of claim 12, further comprising: processing a feedback received from the customer, when the feedback is received from the customer.
 16. The non-transitory computer-readable medium of claim 12, wherein the spammer is identified by a foreign gateway.
 17. The non-transitory computer-readable medium of claim 12, wherein the signaling message for setting up the call is received by the processor of a signaling gateway router.
 18. The non-transitory computer-readable medium of claim 14, wherein a response to the query comprises spammer information, wherein the spammer information comprises the category of the spammer.
 19. The non-transitory computer-readable medium of claim 15, wherein the processing the feedback comprises recording a plurality of voice packets from the call.
 20. An apparatus for processing a call, comprising: a processor; and a computer-readable medium storing instructions which, when executed by the processor, cause the processor to perform operations, the operations comprising: receiving a signaling message for setting up the call to an endpoint device of a customer; determining the call is from a caller that has been identified as being a spammer; and processing the call using a filter rule for the customer, when the caller has been identified as being a spammer, wherein the filter rule has been configured by the customer, wherein the filter rule specifies a call handling based upon a category of the spammer. 